CVE-2012-5496

medium

Published 2014-09-30 · Modified 2023-11-08

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2

5.0

VIR risk

5.0

Description

kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://plone.org/products/plone/security/advisories/20121106/12

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://plone.org/products/plone-hotfix/releases/20121106

Ecosystem	Package	Vulnerable	Fixed
PyPI	plone	`<4.0`	`4.0`
PyPI	plone	`<3.3.6`	`3.3.6`

Vendor	Product	Versions
plone	plone	`{"endIncluding":"3.3.5"}`
plone	plone	`1.0`
plone	plone	`1.0.1`
plone	plone	`1.0.2`
plone	plone	`1.0.3`
plone	plone	`1.0.4`
plone	plone	`1.0.5`
plone	plone	`1.0.6`
plone	plone	`2.0`
plone	plone	`2.0.1`
plone	plone	`2.0.2`
plone	plone	`2.0.3`
plone	plone	`2.0.4`
plone	plone	`2.0.5`
plone	plone	`2.1`
plone	plone	`2.1.1`
plone	plone	`2.1.2`
plone	plone	`2.1.3`
plone	plone	`2.1.4`
plone	plone	`2.5`
plone	plone	`2.5.1`
plone	plone	`2.5.2`
plone	plone	`2.5.3`
plone	plone	`2.5.4`
plone	plone	`2.5.5`
plone	plone	`3.0`
plone	plone	`3.0.1`
plone	plone	`3.0.2`
plone	plone	`3.0.3`
plone	plone	`3.0.4`
plone	plone	`3.0.5`
plone	plone	`3.0.6`
plone	plone	`3.1`
plone	plone	`3.1.1`
plone	plone	`3.1.2`
plone	plone	`3.1.3`
plone	plone	`3.1.4`
plone	plone	`3.1.5.1`
plone	plone	`3.1.6`
plone	plone	`3.1.7`
plone	plone	`3.2`
plone	plone	`3.2.1`
plone	plone	`3.2.2`
plone	plone	`3.2.3`
plone	plone	`3.3`
plone	plone	`3.3.1`
plone	plone	`3.3.2`
plone	plone	`3.3.3`
plone	plone	`3.3.4`

CWE-399

Verify integrity in audit chain (admin only). AS-IS.